Hi Everyone, I was hoping to get some input on how other people deal with complicated permission situations. I have banged my head against these concepts I think I need some fresh eyes.
- User accounts can create and manage their own content. - Users that are part of the same company can view the content created by Users at the company; however, they can only edit if given permission. - Users from different companies can share their content as either read or read/write with Users at other companies. Things I have thought about are: - Of course using object level permissions - Maybe using many-to-many to assign all of the different layers groupings a record would fall under. - How to allow sharing of content outside the company - should they be able to send an invite based on e-mail to share the content? as a lookup of everyone in the system wouldn't be appropriate. - How to control the read vs. write views Any kind of help would be greatly appreciated. I have struggled to wrap my head around the "right" way for a long time. JD -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/uVfk-78yaFEJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
